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A METHOD AND APPARATUS FOR PROVIDING AN AUTOMATED 
LOGIN PROCESS 

Technical Field 

The present invention relates generally to Internet electronic commerce, 
and in particular to registration with a web server by a user visiting the web server. 

Background of The Invention 

A typical electronic commerce (eCommerce) web site allows a consumer, logging 
onto the web site from a client data terminal, such as a personal computer (PC) or a 
workstation, to purchase goods or services offered by the company maintaining the web 
site. Such a web site typically requires that the consumer login with the web server that 
is actually hosting the site. The "login" process usually means that the consumer provide 
registration information, such as a name, address, telephone number, and electronic mail 
(email) address, before the consumer is able to access the services offered by the web 
site. The consumer's registration information is stored in a database maintained by the 
host server, and in response to receiving the information the host server typically 
provides the consumer with a unique personal identifier, such as a personal identification 
number (PIN), that is associated with the stored information. When the consumer 
subsequently revisits the web site, the PIN can serve to authenticate the user instead of 
requiring the user to fully re-register. 

It is not uncommon for an eCommerce web site to include one or more computer 
input marks, such as an icon or a textual phrase, that allows a consumer visiting the web 
site to connect to a second, perhaps unrelated web site hosted by a second web server. 
Typically, when the second web site is another eCommerce web site, the consumer is 
again required to login at the second web site, again providing registration information 
and receiving, in return, a second personal identifier. When, at a future time, the 
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consumer again returns to the second web site via the first web site, the consumer is again 
required to login to the second web site, providing at least the second personal identifier 
if not additional registration information. Requiring the consumer to repeatedly provide 
extensive information every time a consumer links to an eCommerce web site via another 
eCommerce web site is cumbersome and inconvenient to the consumer. 

In order to avoid such repetitive logins, some web servers store on a client data 
terminal (the consumer's PC) small data files, (also referred to as "objects") known as 
"cookies." When a user of a client data terminal first links to a web site, the host server 
obtains registration information from the consumer and stores the registration 
information and/or an assigned personal identifier in a cookie that is stored on the client 
data terminal. When the user of the client data terminal subsequently links to the web 
site, the host server locates the cookie on the client data terminal and retrieves the 
registration information and/or personal identifier from the cookie, eliminating the need 
for the user to again provide the information or identifier. The use of cookies by host 
servers has become so widespread that issues of consumer privacy and the storage of 
cookies on consumers' computers are topics of heated public debate. Some consumers 
even attempt to block the storage of cookies on their computers or disable cookies 
already stored there. Furthermore, cookies do not address the needs of the mobile user 
who often has access to computers spread over distances. 

Therefore, a need exists for a method and apparatus whereby a consumer can link 
to a second web site through a first web site and access the services of the second web 
site without being required to provide registration information or a personal identifier and 
without the use of a "cookie." 

Summary of The Invention 

An automated login process is provided for a user connecting to a server, wherein 
the server is a first server of multiple servers that are connected via a computer network. 
The server receives a connection to the user via a client data terminal, receives an 
identifier associated with a second server of the multiple servers, and authenticates the 
user based on the identifier. By authenticating the user based on the identifier, the need 
for the user to input registration information or a personal identifier as part of the login 
process is eliminated. 
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Brief Description of the Drawings 

FIG. 1 is a block diagram of a computer data system in accordance with the 
present invention. 

5 FIG. 2 is a logic flow diagram of the steps executed by a web server in providing 

an automated login process in accordance with the present invention. 



Detailed Description of the Invention 

The present invention can be more fully understood with reference to FIGs. 1 and 

10 2. FIG. 1 is a block diagram of a computer data system 100 in accordance with the 
present invention. A user at a client data terminal 102, such as a personal computer or 
a workstation, accesses each of multiple web servers 1 10, 1 14 (two shown) via a data 
network 108 such as the Internet. Each of web servers 1 10, 1 14 can be an HP 9000 K- 
series server or an HP 9000 Enterprise server available from Hewlett-Packard Company 

15 or any other web server or equivalent thereof, including for example, a network of 
computers or processors that are linked together, which is known art. Each of the web 
servers 110, 114 is typically operated by, or at the behest of, a provider of goods or 
services and includes a registration system whereby a prospective purchaser of goods or 
services, or a previous customer (all of which are hereinafter referred to as a "user") 

20 connects to the server and registers with the server and whereby the server authenticates 
the user upon subsequent visits by the user to the server. Each web server 110, 114 stores 
one or more user interfaces, such as a web page, in a memory associated with the server. 
Each user interface provides a means by which a server 110, 114 can exchange 
information with the user when the user is connected to the server via client data terminal 

25 102. 

Client data terminal 102 includes a processor 104 coupled to a memory 106 that 
stores instructions and programs, including a web browser application, that are executed 
by the processor. A user of client data terminal 102 establishes a connection to a web 
server 110, 114 by activating the web browser stored in memory 106 and inputting a 
30 uniform resource locator (URL) corresponding to an Internet Protocol (IP) address of a 
web server 110, 114. Using known techniques and communication protocols, the web 
browser then connects, via data network 108, with the web server corresponding to the 
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input URL. Many other methods are known for instructing a web browser to connect a 
client data terminal to a web server and may be used herein without departing from the 
spirit and scope of the present invention. 

When a user of client data terminal 102 connects to a web server, such as web 
server 110, the user is typically requested by the web server to "login." The login 
process typically requires that the user provide to the server (i.e., server 1 10) registration 
information, such as the user's name, post office address, telephone number, and 
electronic mail (email) address, or provide a personal identifier by which server 1 10 can 
authenticate the user. In one embodiment of the present invention, when the user 
connects to server 110, the server conveys to the user, via client data terminal 102, a user 
interface. Included in the user interface is a request that the user login, that is, provide 
a personal identifier or registration information, and appropriate data fields for the input 
of the requested information. The user then inputs the appropriate data into the 
appropriate data fields and conveys the data back to server 110. When the data then 
received by server 110 includes registration information, server 110 stores the received 
data, preferably in a user profile that server 110 creates in a registration database 1 12 that 
is included in or connected to the server. 

Upon receiving registration information from the client data terminal, server 110 
generates a personal identifier that typically includes one or more symbols or 
alphanumeric values, such as a personal identification number (PIN) or password, that 
is associated with the registration information just received by server 110 from the user. 
Alternative embodiments might generate personal identifiers that are comprised of other 
combinations of words, phrases or the like. Server 110 stores the personal identifier, 
preferably in the user's profile, which is a data file in registration database 112, and 
conveys the personal identifier to the user. Use of the personal identifier thereafter 
allows the user to expedite the login process when the user subsequently connects to 
server 110, wherein the user need only provide the personal identifier to server 110 
instead of again providing registration information. Upon receiving the personal 
identifier from the user during such subsequent connections, server 110 then 
authenticates the user by searching for, and locating, a matching personal identifier in 
registration database 1 12. A match between a stored personal identifier and the personal 
identifier sent to the server 110 by a putative user, provides a basis for the server to 
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consider the user who supplied the personal identifier to be the same person to whom the 
personal identifier was first supplied and identified by the data that the user provided 
during the registration process. By way of a personal identifier match, the user is 
considered to be authenticated. 

5 In the present invention, included in one of the one or more user interfaces of web 

server 1 10 is a computer input mark, such as an icon or a textual phrase, that includes a 
hyperlink to a second web server, such as web server 114. Selection of the computer 
input mark by the user causes the web browser running on client data terminal 102 to 
establish a connection to the second web server, that is, server 1 14. Web server 1 10 is 

10 affiliated with web server 1 14 in the sense that web server 1 10 provides a means by 
which a user visiting web server 110 can connect to web server 114. In the prior art, in 
the absence of a "cookie," each time the user connects to server 114 via the hyperlink of 
server 110, the user is required to login to server 1 14 by providing either registration 
information or a personal identifier. The present invention eliminates the need for the 

15 user to provide any login information when connecting to server 1 14 via the hyperlink 
of server 110 after going through a one-time registration process. 

Computer input marks are well known in the art. Computer input marks typically 
include an underlying URL associated with another file in the web server or with a file 
in another web server. Computer input marks typically further include an underlying 

20 instruction, executed by a web browser running on a client data terminal, to establish a 
connection between the client terminal and the server and file associated with the 
underlying URL. In one embodiment of the present invention, the computer input mark 
of the user interface of web server 110 further includes an underlying personal identifier, 
which personal identifier was assigned to the user by web server 110, and an underlying 

25 provider identifier associated with web server 110. The provider identifier allows the 
web server associated with the underlying URL, that is, web server 1 14, to identify the 
affiliated web server that served as the source of the hyperlink, that is, web server 110. 
When the user of client data terminal 102 selects the computer input mark of the user 
interface of web server 110, processor 104 of client data terminal 102 establishes a 

30 connection between the terminal and server 1 14 via data network 108, and conveys to 
server 114 the personal identifier and the provider identifier associated with server 
110. 
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In an alternative embodiment of the present invention, when the user registers 
with web server 110, web server 110 may generate a user identifier that identifies both 
server 110 and the user, that is, which functions as both a provider identifier and a 
personal identifier. In the alternative embodiment, the computer input mark includes an 
5 underlying user identifier, instead of the personal identifier and the provider identifier. 
When the user of client data terminal 102 selects the computer input mark of the user 
interface of web server 110, processor 104 of client data terminal 102 establishes a 
connection between the terminal and server 114 via data network 108, and conveys to 
server 1 14 the user identifier associated with server 1 10. 

1 0 When the user of client data terminal 1 02 connects for the first time to web server 

1 14 via the computer input mark of the user interface of web server 110, the user goes 
through a login process on server 1 14 that is similar to the login process described above 
with respect to web server 110. Preferably, server 1 14 conveys to the user, via client data 
terminal 102, a user interface that includes a request that the user login, that is, provide 

15 a personal identifier or registration information. The user interface further includes data 
fields whereby the user can input the requested information. The user then inputs the 
requested data (i.e., the registration information when logging onto server 114 for the 
first time) into the user interface and conveys the data to server 1 14. Server 1 14 stores 
the registration information, along with the personal identifier and provider identifier 

20 associated with server 1 10, in a registration database 116 included in or connected to 
server 1 14. Preferably, prior to storing the personal identifier and provider identifier in 
registration database 116, server 114 requests and obtains the user's consent to use 
information obtained from server 1 10. Server 1 14 also generates and stores a personal 
identifier that is associated with the user's registration information. Preferably the 

25 registration information, the personal identifier and provider identifier associated with 
server 110, and the personal identifier generated by server 1 14 are all stored in a user 
profile that is created by server 1 14 in registration database 116. Server 1 14 also conveys 
the personal identifier generated by server 1 14 to the user. 

After the user leaves web server 1 14, the present invention provides a transparent 

30 login process for the user when he or she subsequently reconnects to web server 1 14 via 
the computer input mark included in the user interface of web server 110. When the user 
subsequently reconnects to server 114 via the computer input mark, server 114 again 
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receives from client data terminal 102 the personal identifier and provider identifier that 
underlie the computer input mark. Server 114 then searches registration database 1 16 for 
a personal identifier and provider identifier that match the received identifiers, which 
matching identifiers are stored in the user's profile. Upon locating the previously stored, 
5 matching identifiers, server 114 authenticates the user and permits the user access to one 
or more services provided by the server. Server 1 14 can also retrieve, from database 1 16, 
the user's stored registration information and personal identifier generated by server 1 14 
based on the personal identifier and provider identifier conveyed by terminal 102. 

For example, and merely for the purpose of illustrating the principles of the 

10 present invention, suppose that server 110 generates, and conveys to a user, a personal 
identifier 'X' when the user first registers with the server. A computer input mark of a 
user interface of server 110 includes a hyperlink to server 1 14 and further includes the 
personal identifier 'X' and a provider identifier 'Y' that is uniquely associated by server 
114 with server 110. When the user then connects to server 1 14 via the computer input 

1 5 mark of server 110, the user's client data terminal 102 conveys to server 1 14 the personal 
identifier 'X' and the provider identifier 'Y.' Server 114 then requests and receives 
registration information from the user and stores the registration information, along with 
the personal identifier 'X' and the provider identifier 'Y,' in a profile of the user in 
registration database 1 16. Server 114 also generates a personal identifier 'Z' that is also 

20 stored in the user's profile in database 116. 

The next time that the user connects to server 1 14 via the computer input mark 
of server 110, the user's client data terminal 102 again conveys to server 114 the personal 
identifier 'X' and the provider identifier 'Y.' Upon receiving the reconveyed identifiers 
'X' and 'Y,' server 114 searches registration database 116 for a stored 'X' and a 

25 corresponding stored 'Y.' Upon locating the stored 'X' and 'Y' in the user's profile in 
database 116, server 114 authenticates the user and permits the user access to one or 
more services provided by server 114. 

By authenticating the user based on the personal identifier and provider identifier 
conveyed to server 1 14 by client data terminal 102, the present invention eliminates the 

30 need for the user to provide any data when logging onto server 114 after going through 
a one-time registration process. System 100 thereby presents the user with a seamless 
transition from server 1 10 to server 114, eliminating any need for the user to stop and 
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provide any login information such as registration information or a personal identifier. 

FIG. 2 is a logic flow diagram 200 of a method for providing automated 
registration for a user connecting to a server, wherein the server comprises a first server 
5 of multiple servers that are connected via a computer network. The method starts (201) 
when the first server receives (202) a connection from the user for a first time. In the 
present invention, the connection is established as a result of the user selecting a 
computer input mark of a second server of the multiple servers, which computer input 
mark includes a hyperlink to the first server. Upon receiving the connection, the first 

10 server requests that the user to login. As a part of the login process, the first server 
receives (203) an identifier associated with the second server, which identifier preferably 
identifies both the user and the second server. Alternatively, the server may receive both 
a provider identifier associated with the second server and a personal identifier assigned 
to the user by the second server. The first server further receives (204) registration 

1 5 information from the user. The first server then stores (205) the received identifier and 
the registration information, preferably in a user profile that the first server creates in an 
associated registration database. 

Subsequent, in time, to receiving and storing the identifier and the registration 
information provided by the user, the first server receives (206) a second connection with 

20 the user as a result of the user again selecting the computer input mark of the second 
server. Upon receiving the second connection, the first server further receives (207) the 
identifier associated with the second server, or alternatively receives both the provider 
identifier associated with the second server and the personal identifier assigned to the 
user by the second server. The first server then authenticates (208) the user based on the 

25 identifier, preferably by locating a matching identifier that was previously stored in the 
registration database, and the logic flow ends (209). Preferably the step of authentication 
(208) includes the steps of authenticating the user based on the identifier and allowing 
a user access to a service provided by the first server. 

In sum, the present invention provides an automated login process for a user 

30 logging onto a host server via an affiliated server. When the user first logs onto the host 
server via the affiliated server, the host server is provided, by the user's client data 
terminal, a provider identifier and a personal identifier associated with the affiliated 
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server. The provider identifier and the personal identifier are then stored by the host 
server in a registration database associated with the host server, along with registration 
information provided by the user. When the user subsequently connects to the host 
server via the affiliated server, the user's client data terminal again provides the provider 
5 identifier and personal identifier to the host server. The host server is then able to 
authenticate the user by matching the received provider identifier and personal identifier 
with the provider identifier and personal identifier stored in the registration database, 
without requiring any data to be input by the user. By eliminating the need for the user 
to input any data, the present invention provides a login process that is seamless and 
10 transparent to the user, yet does not use a cookie. 

While the present invention has been particularly shown and described with 
reference to particular embodiments thereof, it will be understood by those skilled in the 
art that various changes in form and details may be made therein without departing from 
the spirit and scope of the present invention. 

15 

What is claimed is: 
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1 1. A method for providing an automated login for a user connecting to a server, 

2 wherein the server comprises a first server of a plurality of servers that are connected via 

3 a computer network, the method comprising steps of: 

4 receiving a connection to the user via a client data terminal; 

5 receiving an identifier associated with a second server of the plurality of servers; 

6 and 

7 authenticating the user based on the identifier. 

1 2. The method of claim 1, wherein the identifier comprises a provider identifier 

2 associated with the second server and a personal identifier assigned to the user by the 

3 second server. 

1 3. The method of claim 1 , wherein the step of authenticating the user comprises a 

2 step of allowing a user access to a service provided by the first server. 

1 4. The method of claim 1 , wherein the step of receiving a connection comprises a 

2 step of receiving a second connection to a user via a client data terminal, wherein the step 

3 of receiving a provider identifier comprises a step of receiving, during the second 

4 connection, a provider identifier associated with a second server of the plurality of 

5 servers, wherein the step of receiving a personal identifier comprises a step of receiving, 

6 during the second connection, a personal identifier assigned to the user by the second 

7 server, and further comprising steps of: 

8 receiving a first connection to the user via a client data terminal, wherein the first 

9 connection is first in time relative to the second connection; 

10 receiving, during the first connection, an identifier associated with the second 

1 1 server; 

12 receiving registration information from the user; 

13 storing the identifier and the registration information; and 

14 wherein the step of authenticating the user comprises a step of matching the 

15 stored identifier with the identifier received during the second connection. 



10005173 

11 



1 5 . The method of claim 4, wherein the identifier received during the first connection 

2 and the identifier received during the second connection each comprises a provider 

3 identifier associated with a second server and a personal identifier assigned to the user 

4 by the second server. 

1 6. The method of claim 4, wherein the step of storing comprises steps of: 

2 creating a user profile; and 

3 storing the identifier and the registration information in the user profile. 

1 7. The method of claim 4, further including steps of: 

2 requesting, during the first connection, a consent of the user to use the identifier 

3 associated with the second server; and 

4 receiving the requested consent. 

1 8. The method of claim 1, wherein the registration information comprises at least 

2 one of a user name, user post office address, user telephone number, and user electronic 

3 mail address. 

1 9. The method of claim 1 , further comprising a step of assigning, by the first server 

2 and during the first connection, a personal identifier to the user. 

1 10. A method for providing an automated login for a user logging onto a host web 

2 site, the method comprising steps of: 

3 receiving a connection to a user via an affiliated web site; 

4 receiving an identifier associated with the affiliated web site; and 

5 allowing the user access to the host web site based on the received identifier. 

1 11. The method of claim 10, wherein the identifier comprises a provider identifier 

2 associated with the affiliated web site and a personal identifier assigned to the user by a 

3 server hosting the affiliated web site. 



1 



12. 



The method of step 10, wherein the step of receiving a connection comprises a 
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2 step of receiving a second connection of a user via an affiliated web site, wherein the step 

3 of receiving an identifier comprises a step of receiving, during the second connection, an 

4 identifier associated with the affiliated web site, and further comprising steps of: 

5 receiving a first connection of the user via the affiliated web site, wherein the first 

6 connection is first in time relative to the second connection; 

7 receiving, with respect to the first connection, registration information from the 

8 user; 

9 receiving, with respect to the first connection, an identifier associated with the 

10 affiliated web site; and 

1 1 storing the registration information and identifier received with respect to the first 

12 connection. 

1 13. The method of claim 12, wherein the identifier received during the first 

2 connection and the identifier received during the second connection each comprises a 

3 provider identifier associated with the affiliated web site and a personal identifier 

4 assigned to the user by the affiliated web site. 

1 14. The method of claim 12, wherein the registration information and identifier 

2 received with respect to the first connection is stored in a database, and wherein the step 

3 of allowing comprises steps of: 

4 searching the database for an identifier that matches the identifier received with 

5 respect to the second connection; and 

6 when a matching identifier is located, allowing the user access to the host web 

7 site. 

1 15. A server comprising: 

2 a means for receiving a first connection and a second connection to a client data 

3 terminal, wherein the first connection is first in time relative to the second connection; 

4 a means for receiving registration information during the first connection from 

5 a user of the client data terminal; 

6 a means for receiving an identifier associated with an affiliated server during the 

7 first connection, which affiliated server was visited by the user prior to the server 
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8 receiving the first connection to the client data terminal; 

9 a means for storing the received registration information and the identifier; 

10 a means for receiving an identifier during the second connection; and 

11 a means for authenticating the user during the second connection based on the 

12 identifier received during the second connection. 

1 16. The server of claim 15, wherein the identifier received during the first connection 

2 and the identifier received during the second connection each comprises a provider 

3 identifier associated with the affiliated server and a personal identifier assigned to the 

4 user by the affiliated server. 
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A METHOD AND APPARATUS FOR PROVIDING AN AUTOMATED 
LOGIN PROCESS 

Abstract of the Disclosure 

An automated login process is provided for a user connecting to a first server of 
multiple servers that are connected via a computer network. The server receives a 
connection to the user via a client data terminal, receives an identifier associated with a 
second server of the multiple servers, and authenticates the user based on the identifier. 
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Post Office/Address: t Same as residence 



1181 NW Courfrv^ouTt Corvallis OR 97330 



Citizenship: \JS 



(Use Page Two For A 



DECLARATION AND POWER OF ATTORNEY 
FOR PATENT APPLICATION (continued) 



ATTORNEY DOCKET NO. 10005173-1 



Full Name of # 2 joint inventor: John M. Kerr 
Residence: 
Post Office Address: 



2982 NW Pineview Albany OR 97321 



Citizenship: US 



Same as residence 



~ signature 



!L k)oo 20QQ 



Full Name of # 3 joint inventor: 
Residence: _ 
Post Office Address: _ 



inventor's signature 



Full Name of # 4 joint inventor: 

Residence: 

Post Office Address: 



inventor s signature 



Full Name of # 5 joint inventor: 

Residence: 

Post Office Address: 



inventor's signature 



Full Name of # 6 joint ir 

Residence: 

Post Office Address: 



inventor's signature 



Full Name of # 7 joint inventor: 

Residence: 

Post Office Address: 



inventor s Signatur 



Full Name of # 8 joint 

Residence: 

Post Office Address: 



inventor's signature 



e Page Two For Additional Inventor(s) Signature(s)) 



